DETAILED ACTION

Claims 1-21 are pending for examination. 
Claims 1-21 are amended. 
Claims 1-21 are rejected. 

Response to Arguments 

1. Applicant's arguments filed with regard to claims 1, 8, and 15 have been fully
considered but they are not persuasive. Applicant argues that cited reference Cook (US
6 961 783) does not teach all of the limitations of the claims. Examiner disagrees, as
explained further below.

2. Applicant argues that Cook does not teach identifying which of a private and a 
global network address a source address and a destination address is. Cook teaches 
that the DNS server identifies the client requesting the address, and also the address of 
the requested device (column 5, lines 1-34). The DNS server thus identifies the client's 
address, as it responds to the request, and the destination address, as it returns the 
address to the client if the client is approved to receive the address. As such, Cook
teaches identifying the source and destination addresses in the system. Additionally, 
Cook teaches that the inside interface may be connected to a private network, while the 
outside interface may be connected to a public network such as the Internet (column 6, 
line 61 to column 7, line 7). Thus, the logic of the device may utilize both private and 
public network addresses. As such, the rejection of claims 1, 8, and 15 is maintained. 

Claim Rejections - 35 USC § 102

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 1, 8, and 15 are rejected under 35 U.S.C. 102(e) as being anticipated by 
US 6 961 783, Cook et al (previously cited). 

5. As per claims 1, 8, and 15, Cook teaches a name/address translation device,
method, and computer-readable medium recording a program (abstract) comprising: 

an identifying unit configured to identify, when a query about an address 
corresponding to a name of a communication destination is received from a 
communication source, which of a private network address and a global network 
address a source address of the communication source is and which of a private 
network address and a global network address a destination address of the 
communication destination is (column 6, line 61 to column 7, line 7, where the device 
has multiple network interfaces, where the inside interface may be connected to a 
private network, while the outside interface is connected to a public network such as the 
Internet. In addition, each interface is fitted appropriately for communication with media, 
logic, and memory to communicate with the various media types. This logic and 
difference between internal and external private and public networks allows the device 
to distinguish between the network types of the source and destination by which 
interfaces the communications are associated with); 

a judging unit configured to judge, based on a result of identification by the 
identifying unit, whether or not to allow to give a response including the address 
corresponding to the name of the communication destination to the communication
source of the query (column 5, lines 23-34, where the system access list may require
device verification in order to respond with the requested address. This verification
serves to judge whether the requesting device is allowed access to the destination
address); and

a sending unit configured to send the response to the communication source 
when the judging unit judges that it is allowable to give the response (column 5, lines 1- 
10, where the DNS server resolves the domain name into an IP address and forwards it 
to the requesting client). 

Claim Rejections - 35 USC § 103 

6. Claims rejected under 35 U.S.C. 103(a) as being unpatentable over US 6 961
783, Cook et al as applied to claims 1, 8, and 15 above, and further in view of US
2003/0172145, Nguyen.

7. As per claims 2, 9, and 16, Cook further teaches a searching unit configured to 
search for an address of the communication destination to be given to the 
communication source as a response to the query when the identifying unit identifies 
that the communication source belongs to the private network and that the 
communication destination belongs to the public network (column 5, lines 1-10, where 
the DNS server resolves the IP address of the requested domain name for a client 
requesting an Internet IP address. This, along with column 6, line 61 to column 7, line 7, 
where the device has multiple network interfaces, where the inside interface may be 
connected to a private network, while the outside interface is connected to a public 
network such as the Internet, shows that the client on a private address may request the
public IP address of a domain name from the domain name server); and 

a sending unit configured to send the response containing the address of the 
communication destination to the communication source when the searching unit 
searched the address of the communication destination, and rejecting the query when 
the identifying unit identifies that the communication source belongs to the second 
network and the communication destination belongs to the first network (column 5, lines 
1-10, where the DNS server resolves the domain name into an IP address and forwards 
it to the requesting client, along with Figure 3, also column 7, lines 20-22, where the 
address is not returned if the source is not allowed to access the destination). 

Cook does not expressly teach rejecting the query when it comes from a global network
for a private network. Nguyen teaches a system for providing internet service 
comprising: 

a sending unit sending a response to a query when the searching unit searches 
for a query, and to reject the query when the identifying information identifies that the 
communication source belongs to a global network and the communication destination 
belongs to a private network (paragraph 532, where the split DNS prevents internal host 
names and addresses from being revealed over the internet). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a split DNS such as taught by Nguyen in a DNS system such as taught by 
Cook. Cook's system provides access control lists such that a DNS query may be 
rejected based on access rights. Nguyen's system splits the DNS response units such 
that external and internal addresses are preserved within their domains. Splitting
domains such as taught by Nguyen would prove beneficial in that private addresses 
would not be sent over the global network, adding security (Nguyen, paragraph 532). 

As per claims 3, 10, and 17, Cook further teaches the sending unit invalidates 
sending the response, if there is no application of which a use is permitted in a 
communication between the communication source and the communication destination 
when the identifying unit identifies that the communication source belongs to the private 
network and the communication destination belongs to the global network (column 7, 
lines 20-22, where the address is not returned if the source is not allowed to access the 
destination). 

8. Claims 4-7, 11-14, and 18-21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US 6 961 783, Cook et al and US 2003/0172145, Nguyen as applied 
to claims 2, 9, and 16 above, and further in view of US 7 093 288, Hydrie et al 
(previously cited). 

9. As per claims 4, 11, and 18, neither Cook nor Nguyen expressly teaches a system
with firewall or packet filtering in conjunction with the DNS service. Hydrie teaches a
system of network communication containing a packet filtering system and method
comprising:

a notifying unit configured to notify, when a response containing a second 
terminal corresponding to the communication destination belonging to the second 
network is given to a first terminal corresponding to the communication source 
belonging to the first network, a routing device of passage information for letting a data 
pass through that are forwarded between the first terminal and the second terminal, the
routing device receiving the data forwarded between the first network and the second
network and letting only the data with its passage permitted pass through, and effecting
an address translation between the first network and the second network (column 4,
lines 25-40, where the filters are accessed by the controller, and thus the controller
becomes aware of the passage rules, and either allows or denies communication 
between devices). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a method of packet filtering such as that taught by Hydrie in the system of
Cook. Packet filtering allows a user to determine whether communication should be 
allowed between devices based on a desired rule set (Hydrie, abstract). This would 
have been beneficial in Cook's system, as it would have provided an additional layer of 
protection to deny communication between devices, which is not allowed by the access 
list. 

10. As per claims 5, 12, and 19, Hydrie further teaches

wherein the notifying unit notifies the routing device of passage information 
containing a first network address used in the first network that is virtually assigned to 
the second terminal and a second network address that the second terminal uses on 
the second network, so that the routing device translates, when a data transmitted from 
the second terminal passes through, the second network address a source address 
included in the data into the first network address (column 4, lines 42-50 show the 
virtualization data, which includes a map of the virtual devices. This map contains
information on the communication source and destination, and also contains translation
information for translating the virtual addresses to real addresses), and 

wherein the sending unit sends a response containing the first network address 
so that the first terminal adds the first network address as a destination address to a 
data addressed to the second terminal to transmit the data addressed to the second 
terminal, and that the routing device translates, when the data addressed to the second
terminal passes through, the destination address into the second network address (column 4,
lines 60-64 show that the network mediator uses the mapped addresses contained in
the virtualization data to convert the addresses and forwards the communication).

11. As per claims 6, 13, and 20, Hydrie further teaches the notifying unit notifies the
routing device of the passage information further containing information about an 
application of which the utilization is permitted in the communication between the first 
terminal and the second terminal in order for the routing device to let only the data pass 
through which is based on the application of which the utilization is permitted between 
the first terminal and the second terminal (Hydrie teaches this limitation. Column 6, lines 
40-50 show an example of the system working with multiple filters, where one filter 
restricts the communication between two devices to a particular protocol). 

It would have been obvious to one of ordinary skill in the art at the time of the invention
to include a method of packet filtering such as that taught by Hydrie in the system of 
Cook. Packet filtering allows a user to determine whether communication should be 
allowed between devices based on a desired rule set (Hydrie, abstract). This would 
have been beneficial in Cook's system, as it would have provided an additional layer of
protection to deny communication between devices, which is not allowed by the access
list. In particular, restricting access to a particular protocol would provide further
security, as even with a connection, a device would not have full control over another
device.

12. As per claims 7, 14, and 21, Hydrie further teaches wherein the notifying unit 
notifies, before the sending unit sends the address of the second terminal, the routing 
device of the passage information (Hydrie teaches this limitation. Column 4, lines 25-40 
show that the passage information is maintained in the filter list, thus providing a stable 
source of the passage information which can be accessed at any time). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a method of packet filtering such as that taught by Hydrie in the system of 
Cook. Packet filtering allows a user to determine whether communication should be 
allowed between devices based on a desired rule set (Hydrie, abstract). This would 
have been beneficial in Cook's system, as it would have provided an additional layer of 
protection to deny communication between devices, which is not allowed by the access 
list. 

Conclusion 

13. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to THOMAS RICHARDSON whose telephone number is 
(571) 270-1191. The examiner can normally be reached on Monday through Thursday,
8am-5pm EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Vaughn can be reached on (571) 272-3922. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Supervisory Patent Examiner, Art Unit 2444



